Show HN: Terminal Phone – E2EE Walkie Talkie from the Command Line
TerminalPhone is an impressive single Bash script providing anonymous, end-to-end encrypted voice and text communication over Tor, functioning as a command-line walkie-talkie. Hacker News celebrated its elegant, server-less architecture that leverages Tor hidden services for identity and NAT traversal, eliminating complex setup or external accounts. The community was particularly captivated by the project's robust features—from configurable ciphers to HMAC protocol authentication—all meticulously crafted within a self-contained script.
The Lowdown
TerminalPhone is a unique open-source project, implemented entirely as a single Bash script, that delivers anonymous and end-to-end encrypted (E2EE) voice and text communication. Operating like a command-line walkie-talkie, it routes all communications over the Tor network and uses Tor hidden services for identity and connectivity, thereby eliminating the need for any central server infrastructure, user accounts, or traditional phone numbers. This clever design allows for direct, peer-to-peer secure communication with a focus on privacy and simplicity.
- Walkie-Talkie Voice Messaging: Records a complete voice message and transmits it upon release, eschewing live streaming for a more discreet, message-based interaction.
- In-Call Encrypted Chat: Allows for secure, encrypted text message exchange during an active call session.
- Server-Less Architecture: Completely relies on Tor hidden services, with a user's .onion address serving as their identity, removing dependencies on third-party servers.
- Configurable Application-Layer Encryption: Offers 21 curated ciphers for E2EE on top of Tor's transport encryption, using a pre-shared secret for key derivation.
- HMAC Protocol Authentication: An optional security layer that signs all protocol messages with HMAC-SHA256, utilizing nonces to prevent replay and injection attacks.
- Cross-Platform Compatibility: Designed to run on standard Linux distributions and Android via Termux, requiring no root access.
- Low Bandwidth Footprint: Employs the Opus codec at 16 kbps, ensuring efficient data transfer, with typical 10-second voice messages under 20 KB.
- Voice Changer Effects: Includes a variety of presets (e.g., deep, robot) and custom configurable audio effects like pitch shift and echo.
- Enhanced Privacy Controls: Features include passphrase-protected secrets, opaque temporary files to prevent metadata leaks, opt-in Tor circuit hop display, and the ability to exclude specific countries from Tor circuits.
TerminalPhone stands out as a testament to the power of minimalist, yet feature-rich, scripting. It offers a robust, privacy-centric communication tool that effectively leverages existing cryptographic and anonymizing technologies within a surprisingly compact and self-contained package.
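The HMAC protocol authentication from the feature list, sketched as an added Python example rather than TerminalPhone's own Bash code. The frame layout `nonce|payload|tag`, the message names and the function names are assumptions, since the page does not give the project's wire format.

```python
import hashlib
import hmac
import secrets

# Assumed frame layout (not TerminalPhone's actual wire format):
#   <nonce_hex>|<payload>|<tag_hex>
# where tag = HMAC-SHA256(key, "<nonce_hex>|<payload>").

def frame_tag(key: bytes, nonce: str, payload: str) -> str:
    msg = f"{nonce}|{payload}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign(key: bytes, payload: str) -> str:
    """Sender side: attach a fresh random nonce and the tag."""
    nonce = secrets.token_hex(16)
    return f"{nonce}|{payload}|{frame_tag(key, nonce, payload)}"

class Receiver:
    """Verifies frames for one session and rejects replays."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = set()  # nonces accepted so far in this session

    def verify(self, frame: str) -> str:
        try:
            nonce, rest = frame.split("|", 1)      # nonce never contains "|"
            payload, tag = rest.rsplit("|", 1)     # payload may contain "|"
        except ValueError:
            raise ValueError("malformed frame") from None
        expected = frame_tag(self.key, nonce, payload)
        # Constant-time comparison; bytes so non-ASCII input cannot raise.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            raise ValueError("bad tag")
        # Only authenticated nonces are remembered, so forged frames
        # cannot fill the replay cache.
        if nonce in self.seen:
            raise ValueError("replayed nonce")
        self.seen.add(nonce)
        return payload

if __name__ == "__main__":
    key = hashlib.sha256(b"constructed demo secret").digest()
    rx = Receiver(key)
    frame = sign(key, "MSG:hello")                 # constructed message
    print(rx.verify(frame))
    for bad in (frame, frame.replace("hello", "hullo")):
        try:
            rx.verify(bad)
        except ValueError as err:
            print("rejected:", err)
```

The replay cache here grows for the life of the session; a long-running receiver would need to bound it, for example by resetting it together with the key on each new call.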
The Gossip
Architectural Acumen & Onion Innovation
Many commenters expressed admiration for the project's elegant architectural choice of using Tor hidden services for both identity and NAT traversal, noting it as a 'clean architectural choice' that avoids complexities like STUN/TURN servers. The community appreciated the project's contribution to practical, real-world applications of onion services, seeing it as a way to generate more 'cover traffic' for the Tor network and validating the spirit of building features 'because we can.'
Security Strengths & Secret Swaps
Discussion naturally gravitated to the project's security model. The necessity of securely exchanging a pre-shared secret out-of-band was acknowledged as a practical limitation for widespread use but deemed appropriate for its niche. Reviewers praised features like optional HMAC-SHA256 protocol signing and the ability to exclude countries from Tor circuits, though some questioned the real-world impact of the latter. The author clarified the choice of application-layer encryption on top of Tor, explaining a preference for encrypting data before it even hits the network pipe.
Bash Scripting & Buffering Blunders
The pure Bash implementation garnered significant attention, prompting discussions about its inherent trade-offs. The 'record-then-send' model, while fitting a walkie-talkie paradigm, was noted for introducing 2-3 second delays. The use of base64 encoding for audio, which adds approximately 30% overhead, was understood as a limitation of Bash for handling raw binary data. The availability of 21 ciphers, driven by the 'because we can' philosophy, sparked a humorous debate on cryptographic agility versus simplicity, with suggestions to streamline options.